National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 124,324 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2019-17529

An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp.

Published: October 12, 2019; 04:15:11 PM -04:00
(not available)
CVE-2019-17528

An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp.

Published: October 12, 2019; 04:15:11 PM -04:00
(not available)
CVE-2019-17502

Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer.

Published: October 12, 2019; 04:15:11 PM -04:00
(not available)
CVE-2019-17522

A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.1.

Published: October 12, 2019; 02:15:16 PM -04:00
(not available)
CVE-2019-17521

An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerability that can change the admin's password via the password/ URI,

Published: October 12, 2019; 02:15:13 PM -04:00
(not available)
CVE-2019-17514

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.

Published: October 12, 2019; 09:15:10 AM -04:00
(not available)
CVE-2017-18638

send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.

Published: October 11, 2019; 07:15:10 PM -04:00
(not available)
CVE-2019-17176

Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter).

Published: October 11, 2019; 05:15:08 PM -04:00
(not available)
CVE-2019-17510

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.

Published: October 11, 2019; 04:15:17 PM -04:00
(not available)
CVE-2019-17509

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php.

Published: October 11, 2019; 04:15:17 PM -04:00
(not available)
CVE-2019-17508

On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.

Published: October 11, 2019; 04:15:17 PM -04:00
(not available)
CVE-2019-17507

An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp.

Published: October 11, 2019; 04:15:17 PM -04:00
(not available)
CVE-2019-17506

There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.

Published: October 11, 2019; 04:15:17 PM -04:00
(not available)
CVE-2019-17505

D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack.

Published: October 11, 2019; 04:15:16 PM -04:00
(not available)
CVE-2018-21028

Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function.

Published: October 11, 2019; 04:15:16 PM -04:00
(not available)
CVE-2018-21027

Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.

Published: October 11, 2019; 04:15:16 PM -04:00
(not available)
CVE-2018-20582

The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request Forgery.

Published: October 11, 2019; 04:15:16 PM -04:00
(not available)
CVE-2019-2215

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095

Published: October 11, 2019; 03:15:10 PM -04:00
(not available)
CVE-2019-2187

In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-124940143

Published: October 11, 2019; 03:15:10 PM -04:00
(not available)
CVE-2019-2186

In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136175447

Published: October 11, 2019; 03:15:10 PM -04:00
(not available)